5 matches found
MAL-2023-208 Malicious code in core-site-speed-ebay (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1583a2587d4a117d6dc59133fd52c7c8da04f57cd6265a159e8c50da5e82d8bf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview core-site-speed-ebay is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
grunt-yellowlabtools (>=0.0.1 <=1.2.1), install-is (>=1.4.0 <=1.4.2) +3 more potentially affected by CVE-2022-25906 via is-http2 (>=1.0.4 <=1.2.0)
is-http2 NPM version =1.0.4, =0.0.1, =1.4.0, =1.0.0, =1.10.0, =1.13.4 Source cves: CVE-2022-25906 Source advisory: OSV:GHSA-2275-RPF5-XV8H...
Malicious Package
Overview site-speed-above-the-fold-timer is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable i...
grunt-yellowlabtools (>=0.0.1 <=1.2.1), install-is (>=1.4.0 <=1.4.2) +3 more potentially affected by CVE-2022-25906 via is-http2 (>=1.0.4 <=1.2.0)
is-http2 NPM version =1.0.4, =0.0.1, =1.4.0, =1.0.0, =1.10.0, =1.13.4 Source cves: CVE-2022-25906 Source advisory: SNYK:JS-ISHTTP2-3153878...